Do I still need SSL?


First of all, I don't accept credit cards yet. But I am still thinking of getting one just for the sake of securing the passwords of my clients
Now that I integrated facebook and google+ login, I am even more scared of attacks.

So the question is, do I need an SSL certificate as early as now? With my understanding, facebook and google+ login are secured from their side. Not on my opencart website. Like an SSO mechanism or gateway. So middle man attacks can be avoided.


  • Hi,
    Well, TLS (SSL) is always better.
    Yet, as you say, many aspects are already secured, even in HTTP.
    The social network login is secure (provided by the social networks).
    The HTTP requests to Oneall from your server can be secure (if you chose the settings of the module this way).
    During the Oneall social login process, the initial login data is also secure (user social network data is not used, but our own).
    Also note that with social login, there is no password to enter on your site.
    And your site should not store credit card information, even if you accept payments.

    So, TLS is better, but for our services, it is already quite secure.

    Hope this helps.


Please sign in to your OneAll account to ask a new question or to contribute to the discussions.

Please click on the link below to connect to the forum with your OneAll account.